Monday, June 03, 2013

HACK Won't Always Be a Dirty 4-Letter Word

I presented the following prediction as part of a spirited Churchill Club debate with 5 other VCs. It was first published at AllThingsD.

Ever since Hollywood gave us War Games, the fear of cyber apocalypse has gripped America. We’ve outlawed hacking to such an extent that if you’re shut down by a cyber attack, or your data have been stolen, it’s a federal crime to even probe the attacking computers, let alone disable them. Rather than educate and activate our best and brightest hackers, we prosecute and imprison them. 

Businesses haven’t complained because they’ve never wanted to fight back. You can’t prosecute the attackers even if you find them, and admitting a breach may spook customers and even invite more attacks. So instead of fighting, we’ve just quietly taken the punches, and wished it all away. But wishing it away is like trying to reduce teen pregnancy by preaching abstinence.

Two years ago I watched a TED audience cheer Ralph Langner for exposing the Stuxnet worm that our government developed to retard Iran’s nuclear weapons program. It was as if the US and Israel had invented malware. Somehow, it was evil for us to use cyberspace to stop the most vitriolic, warmongering fundamentalist on our planet from making nuclear bombs. Because cyber is “unconventional”, we somehow consider it to be just as taboo to use as nuclear and chemical weapons.

Meanwhile, the NY Times reported this morning that, “Hackers Find China is a Land of Opportunity.” Not only has China allegedly hacked Google and Evernote to spy on its citizens, but it has funded massive efforts to steal information valuable to economies and national security. Attacks on our banks, utilities, and defense contractors can be traced back to units in the Chinese military. We even know what building they’re in.

I do not advocate the theft of IP for economic gain, but as cyber war rages on around us, I predict that Americans will come to appreciate that cyber operations can achieve our military and intelligence objectives far better than bullets and bombs. Cyber weapons are faster, more effective, safer, and orders magnitude cheaper than kinetic weapons. Stuxnet penetrated where missiles cannot.

Indeed, the stigma associated with offensive cyber activity is breaking down, now that cyber attacks have exploded in frequency and scale. The banks are now asking the Feds to join the fight, so DHS, FBI and NSA are trying to figure out how to collaborate, without going to jail themselves for hacking or disclosing classified data.

 "America's economic prosperity in the 21st century will depend on cybersecurity… Protecting this infrastructure will be a national security priority. "
- President Obama

This sea change presents great opportunities for startups to build a new ecosystem of cyber capabilities that actively defend our nation, and support our military and intelligence objectives. We’ve got the best security experts in the world. New startups are enabling the exchange of threat data, using honeypots to collect counter intelligence on foreign hackers, and deploying HADOOP clusters to track botnets. They even develop exploits around newly discovered vulnerabilities to deliver offensive payloads.

Over the next five years, our nation will embrace the capabilities of American hackers to fight back in cyberspace, securing our economy and our lives. Our Defense Department will need fewer bombers, missiles and destroyers, leading to a Cyber Dividend that will fund healthcare, education and debt reduction.

No comments:

Post a Comment